Application Serial No.: 09.^,687 . Attorney D^bt No.: 47004.000074 

REMARKS 

Claims 1-7, 9-18 and claims 19-21 are pending in this application. By this Amendment, 
claims 19-21 are added. Support for the amendments to the claims may be found in the 
application on page 4, lines 8-19, and in Fig. 1 for example. Reconsideration and allowance in 
view of the following remarks are respectfully requested. 
I. THE CLAIMS DEFINE PATENTABLE SUBJECT MATTER 

A. The Rejection of Claims 1-7, 9-15 and 17 

In paragraph 3, the Office Action rejects claims 1-7, 9-15 and 17 under 35 U.S.C. §102(e) 
as being anticipated by U.S. Patent No. 5,963,915 to Kirsch. This rejection is respectfully 
traversed. 

Claim 1 recites a method for accessing one of a plurality of remote service providers 
across a network via a single login to a host service provider, each of the plurality of remote 
service providers being accessible through the host service provider and each of the plurality of 
remote service providers having separate login procedures requiring data, the method comprising 
the steps of the host service provider receiving the single login from a user, the host service 
provider having a universal session manager; the universal session manager retrieving data from 
a validation database based on the single login to the host service provider, wherein the data is 
effective for accessing a selected one of the plurality of remote service providers, and wherein 
the data is based at least in part on the single login; the universal session manager transmitting 
said data to the remote service provider, the universal session manager and the remote service 
provider exchanging the data to effect a two-sided authentication; and the host service provider 
directing the user to the remote service provider. 
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The Examiner is respectfully requested to reconsider the rejection as set out in the Office 
Action. As reflected in claim 1, the teachings of Kirsch are substantially different then the 
present invention. It is respectfully submitted that the Office Action's interpretation of the 
teachings of Kirsch vis-a-vis the invention of claim 1 is misplaced. 

The Office Action asserts that as to claim 1, Kirsch discloses a method for accessing one 
of a plurality of remote service providers across a network via a single login to a host service 
provider (14 fig. 1), each of the plurality of remote service providers (16 Fig. 1) being accessible 
through the host service provider, and each of the plurality service providers having separate 
login procedures requiring data comprising the steps of: The host service provider (through an 
Internet Service Provider 14 fig. 1) receiving the single login, the service provider having a 
universal session manager (i.e., the client computer system requesting a Web page by issuing a 
URL request through Internet to the server system, see abstract, fig. 1, col. 5 line 52 to col. 6 line 
49); the universal session manager retrieving data from a validation database based on the single 
login to the service provider, wherein the data is effective for accessing a remote service provider 
and is based at least in part on the received username and password (i.e., login form using user 
identification and password, col. 6 line 22 to col. 7 line 19); and transmitting data to the remote 
service provider and directing the user to the remote service provider (using redirection request, 
see col. 6 lines 28-62), the universal session manager and the remote service provider 
exchanging the data to effect a two-sided authentication (i.e., processing of a transaction T-2 
over the server 34 of fig. 2 to the remote server 22 of fig. 2, see also fig. 2, col. 7 line 20 to col. 8 
line 63 and col. 10 lines 5-46); and the host service provider directing the user to the remote 
service provider (using the direct-server, see col. 6 line 50 to col. 7 line 42). These assertions in 
the Office Action are respectfully traversed. 
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Applicant first notes that the Office Action asserts that Kirsch discloses a method for 
accessing one of a plurality of remote service providers across a network via a single login to a 
host service provider (14 fig. 1). However, Kirsch's component 14 is simply the Internet as 
described in Kirsch in column 5, lines 51-67. Kirsch's component 14 cannot be fairly interpreted 
to teach the claimed host service provider. 

Further compounding the deficiencies of the rejection, the Office Action asserts that the 
service provider has a universal session manager (i.e., the client computer system requesting a 
Web page by issuing a URL request through Internet to the server system, see abstract, fig. 1, 
col. 5 line 52 to col. 6 line 49). That is, the Office Action appears to be clearly referring to the 
client computer system 12. Accordingly, the Office Action is effectively asserting that the 
Internet has the client computer system and that such arrangement of Kirsch teaches the claimed 
features of "the host service provider'receiving the single login from a user, the host service 
provider having a universal session manager", as recited in claim 1. Applicant respectfully 
submits that such interpretation of Kirsch, so as to allegedly teach the claimed invention, is 
unsupportable. 

Further, the Office Action asserts that Kirsch teaches the universal session manager 
retrieving data from a validation database based on the single login to the service provider. 
However, the Office Action fails to set forth what teaching of Kirsch has been interpreted to 
constitute the validation database. Kirsch's Fig. 1, for example, teaches the client 12, the 
Internet 14, and the server 16. The Office Action has interpreted the Internet 14 to be the 
claimed host service provider (see Office Action paragraph 3, line 4). The Office Action has 
interpreted the client computer system 12 to be the universal session manager. Further claim 1 
clearly recites the host service provider receiving the single login from a user, the host service 
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provider having a universal session manager; the universal session manager retrieving data from 
a validation database based on the single login to the host service provider. Accordingly, 
Applicant submits that it is fully unclear what component of Kirsch the Office Action is 
interpreting to constitute the claimed validation database. The Examiner is respectfully 
requested to clarify this aspect of the rejection. 

Further, Applicant notes Kirsch at column 8, lines 14-20, where Kirsch teaches that 
cookie data, when received by the Server-2 34 in connection with a purchase request URL, is 
then used to lookup a client database record in the database 36. The cookie data may be decoded 
and compared with the record contents to validate the cookie. Assuming that the comparison is 
correct, the identified record is then used as the source of billing related information, needed by 
the Server-2 34 to fulfill the client user's purchase request, as described by Kirsch. However, it is 
respectfully submitted that such teaching clearly fails to teach or suggest the features of claim 1 
relating to the host service provider, the universal session manager, and the validation database, 
and the interrelationship therebetween. 

Further, Applicant in particular notes Kirsch at column 10, lines 15-25. Kirsch describes 
that selection of a URL 32 preferably results in the establishment of a transaction T6 with the 
Server-5 44. Although the Server-5 44 may be a secure server and preferably maintains a 
database 45 of client user account records and Web pages detailing certain products and services 
available for apparently direct purchase, the Server-5 44 may itself maintain pre-established 
credit relationships with any number of other servers, such as Server-4 40. Kirsch further 
describes that in response to a URL request for product information or to purchase a selected 
product, the Server-5 44 may establish a transaction T7 with the Server-4 40. However, it is 
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submitted that such disclosure of Kirsch also fails to teach or suggest the particular features of 
claim 1. 

For the above reasons, it is respectfully submitted that there are various deficiencies in 
the rejection. Accordingly, it is submitted that Kirsch fails to teach or suggest the claimed 
features as recited in claim 1. 

For at least the above reasons, Applicant respectfully submits that independent claim 1 
defines patentable subject matter. Further, Applicant submits that independent claim 7 defines 
patentable subject matter for reasons similar to those discussed above with respect to claim 1. 

Claims 2-6, 9-15 and 17, as well as added claims 19-21 variously depend from the 
independent claims and therefore also define patentable subject for the reasons set forth above 
with respect to the independent claims, as well as for the additional features such dependent 
claims recite. 

The Office Action asserts that as to claims 2 and 10, Kirsch discloses a trusted service 
module acts as an intermediary between the host service provider and the trusted service provider 
(i.e., establishing a secure session transaction with the server, see col. 9 line 23 to col. 10 line 
62). With regard to this portion of the rejection, Applicant respectfully requests that the 
Examiner clarify the particular components of Kirsch that have been interpreted to be the 
claimed trusted service module and trusted service provider of claim 2. It appears that the Office 
Action is asserting that establishing a secure session transaction with the server teaches such 
specific components as claimed, and such assertion is not understood by Applicant. 

Added claim 19 recites wherein the validation database transmits data to the universal 
session manager of the host service provider indicating which services the user is enrolled. 
Kirsch fails to teach or suggest such claimed features. Further, claim 20 is added to further recite 
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the interrelationship between the host service provider and the user, i.e., claim 19 recites wherein 
the host service provider receiving the single login from the user is performed over a network. 

For the reasons discussed above, Applicant respectfully submits that Kirsch fails to teach 
or suggest the features of the rejected claims. Reconsideration and withdrawal of the rejection 
under 35 U.S.C. 102 is respectfully requested. 

B. The Rejection of Claims 16 and 18 

In the Office Action, claims 16 and 18 are rejected under 35 U.S.C. § 103 over Kirsch. 
This rejection is respectfully traversed. 

The Office Action asserts Kirsch discloses a series of handshake (i.e., providing a series 
of handshake transactions to negotiate the establishment of the secure transactions, see col. 2 
lines 1-46) which may includes a set of one, two, three... handshake transactions between the two 
servers; and that therefore, Kirsch discloses a triple handshake as the applicant's claimed 
invention. These assertions are respectfully traversed. 

In the "Background of the Invention" Kirsch teaches in column 2, lines 12-32, that a 
conventional uniform resource locator (URL), utilizing "https" as the secure HTTP protocol 
identifier, is issued by the client browser to specifically request a secure client/server session. 
Kirsch further describes that a series of handshake transactions are provided to negotiate the 
establishment of the secure session including performing an encryption key exchange that is used 
in an encryption algorithm implemented by both the client-side and server-side secure sockets 
layers. As part of this handshaking, the client browser may also retrieve the authentication 
certificate of the server for validation against a known certificate authority to ensure that the 
server is not an imposter. Kirsch teaches the secure HTTP protocol permits the server to also 
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request and validate the authentication certificate, if any, held by the client. Kirsch describes 
various further aspects of handshakes. 

However, as noted above, such teachings related to handshakes is set forth in the 
"Background of the Invention" of Kirsch, i.e., a general teaching of a handshake. In contrast, the 
rejection of claim 1, for example, as set forth in the Office Action relies on the teaching of 
Kirsch's invention, i.e., not of course part of the "Background of the Invention" of Kirsch. 
Accordingly, Applicant traverses the rejection of claims 16 and 18 since the Office Action relies 
collectively on the teachings of Kirsch in the "Background of the Invention" and in the invention 
of Kirsch, but provides no motivation, or even acknowledgment, that such teachings of the 
"Background of the Invention" of Kirsch have effectively been combined with the teachings of 
Kirsch's invention - in an attempt to teach Applicant's claimed invention. Applicant respectfully 
submits that the rejection is improper in taking these disparate teachings of Kirsch and 
combining such teachings without acknowledgment or motivation, i.e., so as to allegedly teach 
the two-sided authentication and triple handshake in the particular claimed environment of claim 
16, for example. 

Accordingly, for at least the above reasons, Applicant respectfully submits that 
independent claim 1, as well as claim 7, defines patentable subject matter. Claims 16 and 18 
depend from independent claims 1 and 7 respectively, and therefore also define patentable 
subject matter for the reasons set forth above with respect to claims 1 and 7, as well as for the 
additional features claims 16 and 18 recite, as discussed above. Reconsideration and withdrawal 
of the rejection under 35 U.S.C. 103 is respectfully requested. 
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n. CONCLUSION 

For at least the reasons outlined above, Applicant respectfully asserts that the application 
is in condition for allowance. Favorable reconsideration and allowance of the claims are 
respectfully solicited. 

For any fees due in connection with filing this Response the Commissioner is hereby 
authorized to charge the undersigned's Deposit Account No. 50-0206. 

Should the Examiner believe anything further is desirable in order to place the 
application in even better condition for allowance, the Examiner is invited to contact Applicant's 
undersigned representative at the telephone number listed below. 




Hunton & Williams 
1900 K Street, N.W., Suite 1200 
Washington, D.C. 20006-1109 
(202) 955-1500 



Dated: July 9, 2003 



